Last week, Amazon Web Services (AWS) experienced a massive outage that disrupted cloud-connected services around the world, from Zoom and Ticketmaster to Wordle and smart mattresses. The outage, the causes of which AWS detailed in a “post-event summary,” highlighted how cloud infrastructure interconnects with many other services impacting society—especially when one entity controls 41 percent of market share. The AWS outage, though, is just the tip of the iceberg when it comes to the complexity of modern information ecosystems—and in not seeing the whole picture, countries risk more titanic breakdowns.
Modern information ecosystems are often misunderstood as separate or unique from all that came before. Yet information ecosystems have existed since our ancestors began communicating with gestures. People developed language (a tool) that they could speak (an output) to share ideas. The relationships that develop between people using tools to produce and share outputs form information ecosystems around collective concepts like an identity or a nation state. For example, Canada is a large and complex information ecosystem, with many diverse communities, framed around federal laws and a national identity—even if that is just a shared acceptance that we aren’t American.
As new means of processing information develop, information ecosystems become more complex. Every new tool (like the alphabet) leads to more outputs (like letters), with each innovation adding more complexity to the information ecosystem where they were introduced. Today, so much of modern communications relies on the internet and the complex systems underpinning it, but language and writing haven’t disappeared—they remain the basis for most of the means and outputs for communicating today. However, increasingly, most outputs shared in a digital society involve some form of information and communications technology (such as a cell phone, internet connectivity, and online platforms).
Each layer of technology introduces a vulnerability. An AWS outage brings down thousands of businesses and organizations. A failed cybersecurity upgrade disrupts Microsoft365 services, flights, medical appointments, deliveries, television broadcasts, and government operations. An outage with a popular content delivery network service provider takes out a fifth of all websites, including social media. A hardware provider leaves backdoors for surveillance. The owner of an internet service provider denies users access. Even an established technology—electricity—can cause chaos: In April, the Iberian Peninsula lost power for ten hours, severely impacting healthcare, education, and other aspects of daily life that depend on electricity-run information communication technologies. But until something happens that makes us stop and take notice, the interdependencies between factors within an information ecosystem go largely unnoticed.
What’s more, many of these examples were temporary problems and stemmed from errors or unknown causes. But with increasingly brazen cybercriminal attacks on airports, hospitals, and school boards, and energy and communication undersea cables regularly at risk (at least in the Baltic Sea), imagining how much worse it could be if the cause was deliberate and sustained isn’t hard. If an adversary wanted to bring a modern society to its knees, the most provocative way might be to take out a couple major cloud services or the power grid (as Russia did to Ukraine in 2016 with a cyberattack), and there goes most means of communication and dependent services.
The more a society relies upon digital technology to produce, share, and store most of its outputs, the more inherently fragile that information ecosystem becomes. But the situation is much more complex when humans—the heart of all information ecosystems—are factored in, and their role is often overlooked (especially when technology fails). For decades, the misconception that technology can solve human problems has boosted the notion that digital communication can replace human networks, rather than being additive to them. But how well a society navigates disturbances within its information ecosystems will depend, in part, on the social cohesion of its members.
Communities that tend to rebound well from disasters have higher rates of social cohesion, which stems from social participation and engagement of members in shared pursuits. Social cohesion can be difficult to measure, but factors such as a decline in volunteerism or trust levels in institutions and public figures can signal a dip. Social cohesion doesn’t just emerge by living somewhere, but by actively contributing to a community.
Many of these concepts—community, network, engagement—have been borrowed by tech companies to describe their systems, but if the virtual does not connect with physical lived experience, they do not carry the same meaning. Put another way, if a disaster (or even just a disruption to cloud services) takes away the ability to access a digital network, and its community ceases to function as a result, it does not have the social cohesion required for resilience. This is why focusing only on cloud services or any other technology in isolation is insufficient for understanding how they relate to the wider information ecosystem and what they mean to that system should it go down. For example, if a government were to focus on shoring up cloud providers but did not invest in education, it might find that its information ecosystems still fall apart in a disaster. Countries must see the whole iceberg—the people, the tools, and the outputs, all in relation to each other—to avoid sinking.
One step toward that understanding might be to rethink the way governments often work. Often, different teams across various agencies and departments cover parts of the national information ecosystem with little to no coordination among them. One team is focused on cyber security, while another might be tracking influence operations or foreign repression. Regulators might oversee critical infrastructure of communications services providers, sometimes media ownership. Off somewhere else entirely might be a team that understands the people in that information ecosystem, the strength of their social ties, and what skills they have. Brought together in an outcome-focused way—for example, in emergency management planning—each of these teams might contribute to a picture of the whole information ecosystem.
Beyond that, governments should quickly begin mapping the components within their information ecosystem to understand the interdependencies between people, tools, and outputs. Taking a structured approach will help identify vulnerabilities, particularly related to resilience of the system, should parts malfunction or fall victim to foreign interference. Building on this, governments should fund development of indicators to assess and monitor the state of the information ecosystems over time, getting ahead of potential problems.
Our overreliance on a couple of cloud service providers clearly is problematic, but so is the fact that we don’t know what other vulnerabilities are lurking beneath—and are quick to move on once the technology component is fixed. Taking an ecosystems approach will help governments get ahead of those yet unseen threats in the dark oceans ahead.
-1.png)
